[Solved] Why do I see ssh warnings for traffic that should be firewalled?
ryanjaeb last edited by ryanjaeb
I have a firewall with SSH access allowed on the WAN, but only for a limited set of hosts that are defined as an alias. I upgraded it to 2.4.4_1 a few days ago and now I see a bunch of log messages that don't seem right:
Here are my firewall rules on the WAN:
I don't think the IP I highlighted in the log should even be allowed to hit the SSH daemon. It's not in my Admin_Hosts aliases. Can anyone explain why that IP is even allowed to make an attempt?
KOM last edited by
Are you running an IDS like Snort, Suricata or pfBlockerNG?
ryanjaeb last edited by
@KOM No, but, after comparing it to similar configs, I tracked it down to a floating firewall rule (used for traffic shaping) that had a Pass action instead of a